import SPI;
import Credential;
import Util;
import OpenApiUtil;
import EndpointUtil;
import EncodeUtil;
import SignatureUtil;
import String;
import Map;
import Array;

extends SPI;

type @endpointSuffix = string
type @signatureTypePrefix = string
type @signPrefix = string
type @sha256 = string
type @sm3 = string

init() {
  super();
  // CLOUD4-
  @signatureTypePrefix = 'ACS4-';
  // cloud_v4
  @signPrefix = 'aliyun_v4';
  @endpointSuffix = 'aliyuncs.com';
  @sha256 = `${@signatureTypePrefix}HMAC-SHA256`;
  @sm3 = `${@signatureTypePrefix}HMAC-SM3`;
}

async function modifyConfiguration(context: SPI.InterceptorContext, attributeMap: SPI.AttributeMap): void {
  var request = context.request;
  var config = context.configuration;
  var attributes = attributeMap.key;
  if (!Util.isUnset(attributes)) {
    @signatureTypePrefix = attributes.signatureTypePrefix;
    @signPrefix = attributes.signPrefix;
    @endpointSuffix = attributes.endpointSuffix;
    @sha256 = `${@signatureTypePrefix}HMAC-SHA256`;
    @sm3 = `${@signatureTypePrefix}HMAC-SM3`;
  }
  config.endpoint = getEndpoint(request.productId, config.regionId, config.endpointRule, config.network, config.suffix, config.endpointMap, config.endpoint);

}

async function modifyRequest(context: SPI.InterceptorContext, attributeMap: SPI.AttributeMap): void {
  var request = context.request;
  var config = context.configuration;
  var date = OpenApiUtil.getTimestamp();
  request.headers = {
    host = config.endpoint,
    x-acs-version = request.version,
    x-acs-action = request.action,
    user-agent = request.userAgent,
    x-acs-date = date,
    x-acs-signature-nonce = Util.getNonce(),
    accept = 'application/json',
    ...request.headers
  };
  var signatureAlgorithm : string = Util.defaultString(request.signatureAlgorithm, @sha256);
  var hashedRequestPayload = EncodeUtil.hexEncode(EncodeUtil.hash(Util.toBytes(''), signatureAlgorithm));

  if (!Util.isUnset(request.stream)) {
    var tmp = Util.readAsBytes(request.stream);
    hashedRequestPayload = EncodeUtil.hexEncode(EncodeUtil.hash(tmp, signatureAlgorithm));
    request.stream = tmp;
    request.headers.content-type = 'application/octet-stream';
  } else {
    if (!Util.isUnset(request.body)) {
      if (Util.equalString(request.reqBodyType, 'json')) {
        var jsonObj = Util.toJSONString(request.body);
        hashedRequestPayload = EncodeUtil.hexEncode(EncodeUtil.hash(Util.toBytes(jsonObj), signatureAlgorithm));
        request.stream = jsonObj;
        request.headers.content-type = 'application/json; charset=utf-8';
      } else {
        var m = Util.assertAsMap(request.body);
        var formObj = OpenApiUtil.toForm(m);
        hashedRequestPayload = EncodeUtil.hexEncode(EncodeUtil.hash(Util.toBytes(formObj), signatureAlgorithm));
        request.stream = formObj;
        request.headers.content-type = 'application/x-www-form-urlencoded';
      }
    }
  }

  if (Util.equalString(signatureAlgorithm, @sm3)) {
    request.headers.x-acs-content-sm3 = hashedRequestPayload;
  } else {
    request.headers.x-acs-content-sha256 = hashedRequestPayload;
  }
  

  if (!Util.equalString(request.authType, 'Anonymous')) {
    var credential : Credential = request.credential;
    if (Util.isUnset(credential)) {
      throw {
        code = 'ParameterMissing',
        message = '\'config.credential\' can not be unset'
      };
    }

    var credentialModel = credential.getCredential();
    if (!Util.empty(credentialModel.providerName)) {
      request.headers.x-acs-credentials-provider = credentialModel.providerName;
    }
    var authType = credentialModel.type;
    if (Util.equalString(authType, 'bearer')) {
      var bearerToken = credential.getBearerToken();
      request.headers.x-acs-bearer-token = bearerToken;
      request.headers.x-acs-signature-type = 'BEARERTOKEN';
      request.headers.Authorization = `Bearer ${bearerToken}`;
    } else if (Util.equalString(authType, 'id_token')) {
      var idToken = credentialModel.securityToken;
      request.headers.x-acs-zero-trust-idtoken = idToken;
    } else {
      var accessKeyId = credentialModel.accessKeyId;
      var accessKeySecret = credentialModel.accessKeySecret;
      var securityToken = credentialModel.securityToken;

      if (!Util.empty(securityToken)) {
        request.headers.x-acs-accesskey-id = accessKeyId;
        request.headers.x-acs-security-token = securityToken;
      }
      var dateNew = String.subString(date, 0, 10);
      dateNew = String.replace(dateNew, '-', '', null);
      var region = getRegion(request.productId, config.endpoint, config.regionId);
      var signingkey = getSigningkey(signatureAlgorithm, accessKeySecret, request.productId, region, dateNew);
      request.headers.Authorization = getAuthorization(request.pathname, request.method, request.query, request.headers, signatureAlgorithm, hashedRequestPayload, accessKeyId, signingkey, request.productId, region, dateNew);
    }
    
  }
}

async function modifyResponse(context: SPI.InterceptorContext, attributeMap: SPI.AttributeMap): void {
  var request = context.request;
  var response = context.response;
  if (Util.is4xx(response.statusCode) || Util.is5xx(response.statusCode)) {
    var _res = Util.readAsJSON(response.body);
    var err = Util.assertAsMap(_res);
    var requestId = defaultAny(err.RequestId, err.requestId);
    if (!Util.isUnset(response.headers.x-acs-request-id)) {
      requestId = response.headers.x-acs-request-id;
    }
    err.statusCode = response.statusCode;
    throw {
      code = `${defaultAny(err.Code, err.code)}`,
      message = `code: ${response.statusCode}, ${defaultAny(err.Message, err.message)} request id: ${requestId}`,
      data = err,
      description = `${defaultAny(err.Description, err.description)}`,
      accessDeniedDetail = defaultAny(err.AccessDeniedDetail, err.accessDeniedDetail),
    };
  }
  if (Util.equalNumber(response.statusCode, 204)) {
      Util.readAsString(response.body);
  } else if (Util.equalString(request.bodyType, 'binary')) {
    response.deserializedBody = response.body;
  } else if (Util.equalString(request.bodyType, 'byte')) {
    var byt = Util.readAsBytes(response.body);
    response.deserializedBody = byt;
  } else if (Util.equalString(request.bodyType, 'string')) {
    var str = Util.readAsString(response.body);
    response.deserializedBody = str;
  } else if (Util.equalString(request.bodyType, 'json')) {
    var obj = Util.readAsJSON(response.body);
    var res = Util.assertAsMap(obj);
    response.deserializedBody = res;
  } else if (Util.equalString(request.bodyType, 'array')) {
    var arr = Util.readAsJSON(response.body);
    response.deserializedBody = arr;
  } else {
    response.deserializedBody = Util.readAsString(response.body);
  }
}

function getEndpoint(productId: string, regionId: string, endpointRule: string, network: string, suffix: string, endpointMap: map[string]string, endpoint: string) throws: string{
  if (!Util.empty(endpoint)) {
    return endpoint;
  }

  if (!Util.isUnset(endpointMap) && !Util.empty(endpointMap[regionId])) {
    return endpointMap[regionId];
  }
  return EndpointUtil.getEndpointRules(productId, regionId, endpointRule, network, suffix);
}

function defaultAny(inputValue: any, defaultValue: any): any {
  if (Util.isUnset(inputValue)) {
    return defaultValue;
  }
  return inputValue;
}

async function getAuthorization(pathname: string, method: string, query: map[string]string, headers: map[string]string, signatureAlgorithm: string, payload: string, ak: string, signingkey: bytes, product: string, region: string, date: string): string {
  var signature = getSignature(pathname, method, query, headers, signatureAlgorithm, payload, signingkey);
  var signedHeaders = getSignedHeaders(headers);
  var signedHeadersStr = Array.join(signedHeaders, ';');
  return `${signatureAlgorithm} Credential=${ak}/${date}/${region}/${product}/${@signPrefix}_request,SignedHeaders=${signedHeadersStr},Signature=${signature}`;
}

async function getSignature(pathname: string, method: string, query: map[string]string, headers: map[string]string, signatureAlgorithm: string, payload: string, signingkey: bytes): string {
  var canonicalURI : string = '/';
  if (!Util.empty(pathname)) {
    canonicalURI = pathname;
  }
  var stringToSign : string = '';
  var canonicalizedResource = buildCanonicalizedResource(query);
  var canonicalizedHeaders = buildCanonicalizedHeaders(headers);
  var signedHeaders = getSignedHeaders(headers);
  var signedHeadersStr = Array.join(signedHeaders, ';');
  stringToSign = `${method}\n${canonicalURI}\n${canonicalizedResource}\n${canonicalizedHeaders}\n${signedHeadersStr}\n${payload}`;
  var hex = EncodeUtil.hexEncode(EncodeUtil.hash(Util.toBytes(stringToSign), signatureAlgorithm));
  stringToSign = `${signatureAlgorithm}\n${hex}`;
  var signature = Util.toBytes('');
  if (Util.equalString(signatureAlgorithm, @sha256)) {
    signature = SignatureUtil.HmacSHA256SignByBytes(stringToSign, signingkey);
  } else if (Util.equalString(signatureAlgorithm, @sm3)) {
    signature = SignatureUtil.HmacSM3SignByBytes(stringToSign, signingkey);
  }
  return EncodeUtil.hexEncode(signature);
}

async function getSigningkey(signatureAlgorithm: string, secret: string, product: string, region: string, date: string): bytes {
  var sc1 = `${@signPrefix}${secret}`;
  var sc2 = Util.toBytes('');
  if (Util.equalString(signatureAlgorithm, @sha256)) {
    sc2 = SignatureUtil.HmacSHA256Sign(date, sc1);
  } else if (Util.equalString(signatureAlgorithm, @sm3)) {
    sc2 = SignatureUtil.HmacSM3Sign(date, sc1);
  }
  var sc3 = Util.toBytes('');
  if (Util.equalString(signatureAlgorithm, @sha256)) {
    sc3 = SignatureUtil.HmacSHA256SignByBytes(region, sc2);
  } else if (Util.equalString(signatureAlgorithm, @sm3)) {
    sc3 = SignatureUtil.HmacSM3SignByBytes(region, sc2);
  }
  var sc4 = Util.toBytes('');
  if (Util.equalString(signatureAlgorithm, @sha256)) {
    sc4 = SignatureUtil.HmacSHA256SignByBytes(product, sc3);
  } else if (Util.equalString(signatureAlgorithm, @sm3)) {
    sc4 = SignatureUtil.HmacSM3SignByBytes(product, sc3);
  }
  var hmac = Util.toBytes('');
  if (Util.equalString(signatureAlgorithm, @sha256)) {
    hmac = SignatureUtil.HmacSHA256SignByBytes(`${@signPrefix}_request`, sc4);
  } else if (Util.equalString(signatureAlgorithm, @sm3)) {
    hmac = SignatureUtil.HmacSM3SignByBytes(`${@signPrefix}_request`, sc4);
  }
  return hmac;
}

function getRegion(product: string, endpoint: string, regionId: string): string {
  if (!Util.empty(regionId)) {
    return regionId;
  }
  var region = 'center';
  if (Util.empty(product) || Util.empty(endpoint)) {
    return region;
  }
  var strs : [string] = String.split(endpoint, ':', null);
  var withoutPort : string = strs[0];
  var preRegion: string = String.replace(withoutPort, `.${@endpointSuffix}`, '', null);
  var nodes = String.split(preRegion, '.', null);
  if (Util.equalNumber(Array.size(nodes), 2)) {
    region = nodes[1];
  }
  return region;
}

async function buildCanonicalizedResource(query: map[string]string): string {
  var canonicalizedResource : string = '';
  if (!Util.isUnset(query)) {
    var queryArray : [string] = Map.keySet(query);
    var sortedQueryArray = Array.ascSort(queryArray);
    var separator : string = '';
    for(var key : sortedQueryArray) {
      canonicalizedResource = `${canonicalizedResource}${separator}${EncodeUtil.percentEncode(key)}`;
      if (!Util.empty(query[key])) {
        canonicalizedResource = `${canonicalizedResource}=${EncodeUtil.percentEncode(query[key])}`;
      }
      separator = '&';
    }
  }
  return canonicalizedResource;
}

async function buildCanonicalizedHeaders(headers: map[string]string): string {
  var canonicalizedHeaders : string = '';
  var sortedHeaders : [string] = getSignedHeaders(headers);
  for(var header : sortedHeaders) {
    canonicalizedHeaders = `${canonicalizedHeaders}${header}:${String.trim(headers[header])}\n`;
  }
  return canonicalizedHeaders;
}

async function getSignedHeaders(headers: map[string]string): [string] {
  var headersArray : [string] = Map.keySet(headers);
  var sortedHeadersArray = Array.ascSort(headersArray);
  var tmp : string = '';
  var separator : string = '';
  for(var key : sortedHeadersArray) {
    var lowerKey = String.toLower(key);
    if (String.hasPrefix(lowerKey, 'x-acs-') || String.equals(lowerKey, 'host')
            || String.equals(lowerKey, 'content-type')) {
      if (!String.contains(tmp, lowerKey)) {
        tmp = `${tmp}${separator}${lowerKey}`;
        separator = ';';
      }
    }
  }
  return String.split(tmp, ';', null);
}